AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-11-22 · Documentation low

File: wellarchitected/latest/generative-ai-lens/gensec01-bp01.md

Summary

Enhanced documentation on least privilege access for generative AI workloads, including added guidance for Amazon SageMaker HyperPod roles, IAM policies, and network security controls.

Security assessment

The changes expand security best practices documentation by adding detailed IAM role guidance for SageMaker HyperPod (cluster admin vs data scientist roles), network security via PrivateLink, and granular permission controls. While this improves security documentation, there's no evidence of addressing a specific vulnerability.

Diff

diff --git a/wellarchitected/latest/generative-ai-lens/gensec01-bp01.md b/wellarchitected/latest/generative-ai-lens/gensec01-bp01.md
index 2d11499a0..483319549 100644
--- a//wellarchitected/latest/generative-ai-lens/gensec01-bp01.md
+++ b//wellarchitected/latest/generative-ai-lens/gensec01-bp01.md
@@ -26 +26 @@ Granting least privilege access to foundation model endpoints helps limit uninte
-Least privilege access is important to establish an identity-based layer of security for generative AI workloads. It helps verify that access to foundation model endpoints is granted to authorized identities only while also helping verify the data received matches the authorization boundary of their role in their organization. 
+Least privilege access is important to establish an identity-based layer of security for generative AI workloads. It helps verify that access to foundation model endpoints is granted to authorized identities only while also helping verify the data received matches the authorization boundary of their role in their organization. Organization AI policy documents should describe permission boundaries for AI systems, related data stores, and other related components to a generative AI workflow. This policy document should be reviewed as part of a regular access review for AI workloads. 
@@ -28 +28 @@ Least privilege access is important to establish an identity-based layer of secu
-Amazon Bedrock, the Amazon Q family of applications, and Amazon SageMaker AI feature endpoint APIs. Client applications can access the APIs directly through SDKs, open source frameworks or custom abstraction layers. You can use AWS Identity and Access Management to limit access to foundation model endpoints to IAM roles. These roles should be granted least privilege access and utilize session durations and permissions boundaries to further control access. [AWS PrivateLink](https://aws.amazon.com/privatelink/) connections can be established from customer VPCs to Amazon generative AI services to further secure communication. 
+Amazon Bedrock, the Amazon Q family of applications, and Amazon SageMaker AI feature endpoint APIs. Client applications can access the APIs directly through SDKs, open source frameworks or custom abstraction layers. You can use AWS Identity and Access Management to limit access to foundation model endpoints to IAM roles. These roles should be granted least privilege access and utilize session durations and permissions boundaries to further control access. 
@@ -30 +30,15 @@ Amazon Bedrock, the Amazon Q family of applications, and Amazon SageMaker AI fea
-Additionally, model access can be controlled at the organization layer through other policy types such as Service Control Policies, Resource Control Policies, Session Policies and Permission boundaries. These policy types can provide ways to block or restrict models your organization has not approved in addition to services you may want to restrict by accounts, regions, organization and the maximum permissible boundary allowed for IAM users. [Other policy types](https://docs.aws.amazon.com/bedrock/latest/userguide/security-iam.html#security_iam_access-manage) offered by Amazon Q Developer manage access through a subscription model. When provisioning subscription-level access to a generative AI service, confirm that the user needs that access and that subscription level matches the required access level to the service. Identity based permissions and subscription based service access can be managed through single-sign-on (SSO) to integrate with your enterprise identity provider. 
+[AWS PrivateLink](https://aws.amazon.com/privatelink/) connections can be established from customer VPCs to Amazon generative AI services to further secure communication. For endpoints hosted on an Amazon SageMaker AI inference endpoint, employ least privileged network access to the inference endpoint, and verify that only the systems allowed to perform inference on the endpoint can do so. 
+
+Amazon SageMaker AI Hyperpod defines two primary roles: cluster admin users and data scientist users. 
+
+Cluster admins are responsible for creating, configuring, and managing HyperPod clusters, including setting up IAM roles, orchestrator access (EKS or Slurm), and permissions for cluster resources. 
+
+Data scientist users focus on running ML workloads, connecting to clusters, and submitting jobs using the orchestrator CLI or HyperPod CLI. 
+
+To help protect these roles following the best practice of least privilege, each role should be granted only the permissions necessary for their tasks. Cluster admins should have granular IAM policies that allow them to manage clusters and assign roles, but not unrestricted access to all AWS resources. Data scientists should be assigned roles that permit only the actions needed to submit and monitor jobs, such as starting sessions or accessing specific S3 buckets. 
+
+HyperPod clusters themselves must assume roles with the minimum required permissions (like `AmazonSageMaker AIHyperPodServiceRolePolicy`) to interact with AWS services such as Amazon S3, Amazon CloudWatch, and Amazon EC2 Systems Manager. Using IAM condition keys, RBAC (for EKS), and resource tagging further refines access control, verifying that both cluster admins and data scientists operate within tightly scoped permissions and reducing the risk of unauthorized access to foundation model endpoints and sensitive resources. 
+
+Additionally, model access can be controlled at the organization layer through other policy types such as service control policies, resource control policies, session policies, and permission boundaries. These policy types can provide ways to block or restrict models your organization has not approved in addition to services you may want to restrict by accounts, Regions, organization, and the maximum permissible boundary allowed for IAM users. 
+
+[Other policy types](https://docs.aws.amazon.com/bedrock/latest/userguide/security-iam.html#security_iam_access-manage) offered by Amazon Q Developer manage access through a subscription model. When provisioning subscription-level access to a generative AI service, confirm that the user needs that access and that subscription level matches the required access level to the service. Identity-based permissions and subscription-based service access can be managed through single-sign-on (SSO) to integrate with your enterprise identity provider. 
@@ -57 +71 @@ Additionally, model access can be controlled at the organization layer through o
-**Related practices:**
+**Related best practices:**
@@ -72 +86 @@ Additionally, model access can be controlled at the organization layer through o
-**Related guides, videos, and documentation:**
+**Related documents:**
@@ -81,0 +96,8 @@ Additionally, model access can be controlled at the organization layer through o
+  * [AWS Identity and Access Management for SageMaker AI HyperPod](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.html)
+
+  * [IAM users for cluster admin](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.html#sagemaker-hyperpod-prerequisites-iam-cluster-admin)
+
+  * [IAM users for scientists](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.html#sagemaker-hyperpod-prerequisites-iam-cluster-user)
+
+  * [IAM role for SageMaker AI HyperPod](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.html#sagemaker-hyperpod-prerequisites-iam-role-for-hyperpod)
+